From 14eb767c9c7b83146c70cbd075288506c94a1e6e Mon Sep 17 00:00:00 2001 From: Andrew Paxley Date: Thu, 15 Jun 2023 23:30:17 +1200 Subject: [PATCH] ENH update SiteTree permissions in CMS --- code/Model/SiteTree.php | 36 +++++++++++++++++++++++++++++++++++- lang/en.yml | 3 +++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/code/Model/SiteTree.php b/code/Model/SiteTree.php index 9027951dc5..a9bb223ddd 100755 --- a/code/Model/SiteTree.php +++ b/code/Model/SiteTree.php @@ -35,6 +35,7 @@ use SilverStripe\Forms\GridField\GridFieldDataColumns; use SilverStripe\Forms\GridField\GridFieldLazyLoader; use SilverStripe\Forms\HTMLEditor\HTMLEditorField; +use SilverStripe\Forms\ListboxField; use SilverStripe\Forms\LiteralField; use SilverStripe\Forms\OptionsetField; use SilverStripe\Forms\Tab; @@ -1187,6 +1188,14 @@ public function canView($member = null) return true; } + // check for specific users + if ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS + && $member + && $this->ViewerMembers()->filter('ID', $member->ID)->count() > 0 + ) { + return true; + } + return false; } @@ -2238,6 +2247,7 @@ public function getSettingsFields() }; $viewAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_VIEW_ALL', 'ADMIN'])); $editAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_EDIT_ALL', 'ADMIN'])); + $membersMap = Member::get()->map('ID', 'Name'); $fields = new FieldList( $rootTab = new TabSet( @@ -2269,6 +2279,11 @@ public function getSettingsFields() _t(__CLASS__.'.VIEWERGROUPS', "Viewer Groups"), Group::class ), + $viewerMembersField = ListboxField::create( + "ViewerMembers", + _t(__CLASS__.'.VIEWERMEMBERS', "Viewer Users"), + $membersMap, + ), $editorsOptionsField = new OptionsetField( "CanEditType", _t(__CLASS__.'.EDITHEADER', "Who can edit this page?") @@ -2277,6 +2292,11 @@ public function getSettingsFields() "EditorGroups", _t(__CLASS__.'.EDITORGROUPS', "Editor Groups"), Group::class + ), + $editorMembersField = ListboxField::create( + "EditorMembers", + _t(__CLASS__.'.EDITORMEMBERS', "Editor Users"), + $membersMap ) ) ) @@ -2317,6 +2337,10 @@ public function getSettingsFields() __CLASS__.'.ACCESSONLYTHESE', "Only these groups (choose from list)" ), + InheritedPermissions::ONLY_THESE_MEMBERS => _t( + __CLASS__.'.ACCESSONLYMEMBERS', + "Only these users (choose from list)" + ), ]; $viewersOptionsField->setSource($viewersOptionsSource); @@ -2343,17 +2367,27 @@ public function getSettingsFields() if (!Permission::check('SITETREE_GRANT_ACCESS')) { $fields->makeFieldReadonly($viewersOptionsField); - if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) { + if ($this->CanViewType === InheritedPermissions::ONLY_THESE_USERS) { $fields->makeFieldReadonly($viewerGroupsField); + $fields->removeByName('ViewerMembers'); + } elseif ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS) { + $fields->makeFieldReadonly($viewerMembersField); + $fields->removeByName('ViewerGroups'); } else { $fields->removeByName('ViewerGroups'); + $fields->removeByName('ViewerMembers'); } $fields->makeFieldReadonly($editorsOptionsField); if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) { $fields->makeFieldReadonly($editorGroupsField); + $fields->removeByName('EditorMembers'); + } elseif ($this->CanEditType === InheritedPermissions::ONLY_THESE_MEMBERS) { + $fields->makeFieldReadonly($editorMembersField); + $fields->removeByName('EditorGroups'); } else { $fields->removeByName('EditorGroups'); + $fields->removeByName('EditorMembers'); } } diff --git a/lang/en.yml b/lang/en.yml index f07ab85856..10ad0e216e 100644 --- a/lang/en.yml +++ b/lang/en.yml @@ -173,6 +173,7 @@ en: ACCESSANYONE: Anyone ACCESSHEADER: 'Who can view this page?' ACCESSLOGGEDIN: 'Logged-in users' + ACCESSONLYMEMBERS: 'Only these users (choose from list)' ACCESSONLYTHESE: 'Only these groups (choose from list)' ADDEDTODRAFTHELP: 'Page has not been published yet' ADDEDTODRAFTSHORT: Draft @@ -200,6 +201,7 @@ en: DependtPageColumnLinkType: 'Link type' EDITHEADER: 'Who can edit this page?' EDITORGROUPS: 'Editor Groups' + EDITORMEMBERS: 'Editor Users' EDITOR_GROUPS_FIELD_DESC: 'Groups with global edit permissions: {groupList}' EDIT_ALL_DESCRIPTION: 'Edit any page' EDIT_ALL_HELP: 'Ability to edit any page on the site, regardless of the settings on the Access tab. Requires the "Access to ''Pages'' section" permission' @@ -257,6 +259,7 @@ en: URLSegment: 'URL segment' UntitledDependentObject: 'Untitled {instanceType}' VIEWERGROUPS: 'Viewer Groups' + VIEWERMEMBERS: 'Viewer Users' VIEWER_GROUPS_FIELD_DESC: 'Groups with global view permissions: {groupList}' VIEW_ALL_DESCRIPTION: 'View any page' VIEW_ALL_HELP: 'Ability to view any page on the site, regardless of the settings on the Access tab. Requires the "Access to ''Pages'' section" permission'